@data-douser has requested to close this alert
Dependency Review
The following issues were found:
License Issues
package-lock.json
OpenSSF Scorecard
Scanned Files
Pull request overview
This PR enhances the CodeQL CLI version management infrastructure to consistently track and update the extensions/vscode/package.json file alongside other version-bearing files in the repository. It also performs a minor ESLint dependency update from ^10.0.0 to ^10.0.1 and bumps all versions from 2.24.1 to 2.24.2 to align with CodeQL CLI version 2.24.2.
Changes:
- Enhanced version management to include `extensions/vscode/package.json` in the CLI-aligned versioning strategy across scripts, workflows, and documentation
- Updated ESLint from `^10.0.0` to `^10.0.1` across all package.json files
- Bumped version from `2.24.1` to `2.24.2` in all version-bearing files
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| server/scripts/update-release-version.sh | Added extensions/vscode/package.json to both collect_versions() and update_versions() functions for consistent version tracking |
| .github/workflows/update-codeql.yml | Updated PR description template and summary table to explicitly mention extensions/vscode/package.json updates |
| .github/skills/upgrade-codeql-cli-and-packs/SKILL.md | Updated documentation to clarify that extensions/vscode/package.json is included in versioning and replaced specific version examples with generic placeholders (X.Y.Z) |
| package.json | Updated ESLint to ^10.0.1 and version to 2.24.2 |
| client/package.json | Updated ESLint to ^10.0.1 and version to 2.24.2 |
| server/package.json | Updated ESLint to ^10.0.1 and version to 2.24.2 |
| extensions/vscode/package.json | Updated ESLint to ^10.0.1 and version from 2.24.1 to 2.24.2 |
| package-lock.json | Regenerated with ESLint 10.0.1 and transitive dependency updates, all package versions set to 2.24.2 |
This pull request updates the CodeQL CLI version management process to consistently include the `extensions/vscode/package.json` file across documentation, scripts, and workflows. It also performs a minor dependency update for ESLint in several `package.json` files. The most important changes are grouped below:
Versioning Process Improvements:
- `SKILL.md`) to clarify that `extensions/vscode/package.json` is included in the CLI-aligned versioning strategy and to use generic version placeholders (e.g., `X.Y.Z`) for clarity.
- `update-codeql.yml`) to explicitly mention and summarize changes to `extensions/vscode/package.json` alongside other version-bearing files.
- `update-release-version.sh` script to detect and update the version in `extensions/vscode/package.json` in addition to other `package.json` files.
Dependency Updates:
- `eslint` from `^10.0.0` to `^10.0.1` in `package.json`, `client/package.json`, `server/package.json`, and `extensions/vscode/package.json` to ensure consistency and up-to-date linting across the codebase.
Version Bump:
- `extensions/vscode/package.json` from `2.24.1` to `2.24.2` to reflect the new CLI version.